From 5cdbb41bbbd08ed37ab9ecfcbe321109c556c491 Mon Sep 17 00:00:00 2001
From: Seth Vargo
Date: Mon, 17 Jun 2024 10:05:09 -0400
Subject: [PATCH] Switch secrets to vars where appropriate
---
 .../cloud-deploy-to-cloud-run.yml | 4 ++--
 workflows/deploy-cloudrun/cloudrun-buildpacks.yml | 10 +++++-----
 workflows/deploy-cloudrun/cloudrun-declarative.yml | 6 +++---
 workflows/deploy-cloudrun/cloudrun-docker.yml | 6 +++---
 workflows/deploy-cloudrun/cloudrun-source.yml | 4 ++--
 5 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/workflows/create-cloud-deploy-release/cloud-deploy-to-cloud-run.yml b/workflows/create-cloud-deploy-release/cloud-deploy-to-cloud-run.yml
index ebc5b39..471e9ba 100644
--- a/workflows/create-cloud-deploy-release/cloud-deploy-to-cloud-run.yml
+++ b/workflows/create-cloud-deploy-release/cloud-deploy-to-cloud-run.yml
@@ -111,8 +111,8 @@ jobs:
 id: 'auth'
 uses: 'google-github-actions/auth@v1'
 with:
- workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
- service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
+ workload_identity_provider: '${{ vars.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
+ service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
 - name: 'Set up Cloud SDK'
 uses: 'google-github-actions/setup-gcloud@v1'
diff --git a/workflows/deploy-cloudrun/cloudrun-buildpacks.yml b/workflows/deploy-cloudrun/cloudrun-buildpacks.yml
index 5d87ea4..bc2093e 100644
--- a/workflows/deploy-cloudrun/cloudrun-buildpacks.yml
+++ b/workflows/deploy-cloudrun/cloudrun-buildpacks.yml
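Review bot: In cloud-deploy-to-cloud-run.yml the two `with:` inputs now read `vars.WIF_PROVIDER` and `vars.WIF_SERVICE_ACCOUNT`, and a `vars` reference evaluates to an empty string when the variable is not defined, so a repository that still stores these values as secrets would hand the auth step empty inputs. The setup instructions for these templates are outside the hunk, so it is worth checking that they tell users to create configuration variables; a comment above the two lines such as `# Define WIF_PROVIDER and WIF_SERVICE_ACCOUNT as Actions configuration variables (not secrets).` would make that explicit. The same applies to the matching hunks in cloudrun-buildpacks.yml, cloudrun-declarative.yml, cloudrun-docker.yml and cloudrun-source.yml.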
@@ -61,7 +61,7 @@ env:
 REPOSITORY: YOUR_REPOSITORY_NAME # TODO: update Artifact Registry repository name
 SERVICE: YOUR_SERVICE_NAME # TODO: update Cloud Run service name
 REGION: YOUR_SERVICE_REGION # TODO: update Cloud Run service region
- SOURCE_DIRECTORY: YOUR_SOURCE_DIRECTORY #TODO: update source code directory
+ SOURCE_DIRECTORY: YOUR_SOURCE_DIRECTORY #TODO: update source code directory
 jobs:
 deploy:
@@ -80,8 +80,8 @@ jobs:
 uses: 'google-github-actions/auth@v0'
 with:
 token_format: 'access_token'
- workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
- service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
+ workload_identity_provider: '${{ vars.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
+ service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
 # NOTE: Alternative option - authentication via credentials json
 # - name: Google Auth
@@ -100,7 +100,7 @@ jobs:
 username: 'oauth2accesstoken'
 password: '${{ steps.auth.outputs.access_token }}'
 registry: '${{ env.GAR_LOCATION }}-docker.pkg.dev'
-
+
 # NOTE: Alternative option - authentication via credentials json
 # - name: Docker Auth
 # id: docker-auth
@@ -110,7 +110,7 @@ jobs:
 # username: _json_key
 # password: ${{ secrets.GCP_CREDENTIALS }}
- # BEGIN - Pack download, build and publish
+ # BEGIN - Pack download, build and publish
 # Build and publish image to Artifact Registry
 - name: Build and Publish with Buildpacks
diff --git a/workflows/deploy-cloudrun/cloudrun-declarative.yml b/workflows/deploy-cloudrun/cloudrun-declarative.yml
index bfdc57e..8d937aa 100644
--- a/workflows/deploy-cloudrun/cloudrun-declarative.yml
+++ b/workflows/deploy-cloudrun/cloudrun-declarative.yml
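Review bot: The auth step in cloudrun-buildpacks.yml (second hunk) is referenced as `google-github-actions/auth@v0`, a movable tag, while cloud-deploy-to-cloud-run.yml in the same patch uses `@v1`. This step exchanges the workflow's OIDC token for Google Cloud credentials, so the templates should agree on one release and ideally pin it to a full commit SHA, e.g. `uses: 'google-github-actions/auth@<full-commit-sha>' # <release tag>`. The `uses:` line is context in this hunk and the step begins above it. cloudrun-declarative.yml, cloudrun-docker.yml and cloudrun-source.yml carry the same `@v0` reference.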
@@ -76,8 +76,8 @@ jobs:
 uses: 'google-github-actions/auth@v0'
 with:
 token_format: 'access_token'
- workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
- service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
+ workload_identity_provider: '${{ vars.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
+ service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
 # NOTE: Alternative option - authentication via credentials json
 # - name: Google Auth
@@ -106,7 +106,7 @@ jobs:
 # Create Cloud Run YAML Service specification from template
 # envsubst is replacing template variables and creating a YAML Service specification with the new image tag
- - name: Create Service declearation
+ - name: Create Service declearation
 run: |-
 export IMAGE="${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}"
 export SERVICE="${{ env.SERVICE }}"
diff --git a/workflows/deploy-cloudrun/cloudrun-docker.yml b/workflows/deploy-cloudrun/cloudrun-docker.yml
index d016921..c0c15a3 100644
--- a/workflows/deploy-cloudrun/cloudrun-docker.yml
+++ b/workflows/deploy-cloudrun/cloudrun-docker.yml
@@ -76,8 +76,8 @@ jobs:
 uses: 'google-github-actions/auth@v0'
 with:
 token_format: 'access_token'
- workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
- service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
+ workload_identity_provider: '${{ vars.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
+ service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
 # NOTE: Alternative option - authentication via credentials json
 # - name: Google Auth
@@ -97,7 +97,7 @@ jobs:
 username: 'oauth2accesstoken'
 password: '${{ steps.auth.outputs.access_token }}'
 registry: '${{ env.GAR_LOCATION }}-docker.pkg.dev'
-
+
 # NOTE: Alternative option - authentication via credentials json
 # - name: Docker Auth
 # id: docker-auth
diff --git a/workflows/deploy-cloudrun/cloudrun-source.yml b/workflows/deploy-cloudrun/cloudrun-source.yml
index 9ce262f..ad83178 100644
--- a/workflows/deploy-cloudrun/cloudrun-source.yml
+++ b/workflows/deploy-cloudrun/cloudrun-source.yml
@@ -72,8 +72,8 @@ jobs:
 id: auth
 uses: 'google-github-actions/auth@v0'
 with:
- workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
- service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
+ workload_identity_provider: '${{ vars.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
+ service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
 # NOTE: Alternative option - authentication via credentials json
 # - name: Google Auth
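Review bot: Nothing in the cloudrun-source.yml hunk says what protects the deployment once the provider name and service-account e-mail are read from `vars`, where they are no longer masked in job logs. That is reasonable for identifiers that are not credentials, but a short comment next to the two lines would point users at the control that matters, for example `# Not secret: access is limited by the provider's attribute condition and the service account's IAM binding.`. Whether the setup text elsewhere in the file already covers this cannot be seen from the hunk.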